dd-audit-security-investigation
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill leverages the pup CLI tool and jq to search and format audit log data. These command executions are standard for the tool's intended use in security auditing and data filtering.
- [SAFE]: Best practices for credential safety are followed by instructing users to utilize OAuth2 login or environment variables for API and Application keys rather than hardcoding sensitive secrets.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface by ingesting and processing untrusted data from Datadog audit logs.
  - Ingestion points: Audit log data retrieved via pup audit-logs search and processed in SKILL.md.
  - Boundary markers: Absent; the skill relies on jq for structural processing but does not isolate log content with boundary markers.
  - Capability inventory: Execution of CLI tools (pup, jq) to query, filter, and summarize external log data.
  - Sanitization: Data fields are extracted and grouped using jq, but there is no specific sanitization to strip potential instructions embedded in log field values.